Interesting, indeed. Thanks for posting this.

That is interesting. I makes me wonder what was different or out of hand back in April when so many of us experienced the Adsense/Bot attack.

Along that line (and I know different than the topic of the article), in that case Google was surely knowledgeable about the identity of the IP addresses involved. And many of the more savvy Adsense publishers here were able to figure many of them out too.

So why, if that information is already in my site's raw logs and if anyone with enough knowledge can readily read through them and figure things out, is that information considered (evidently by Google) a privacy issue and not shared so to help control the fraudulent clicks problem? It's a privacy issue that someone can't tell me something contained in information I've already collected?

makes me wonder what was different or out of hand back in April when so many of us experienced the Adsense/Bot attack.

Maybe it was some variant of an attack similar to what was mentioned in the article (see below) There's no reason to think that there's only one way to skin this cat, nor just one entity doing the skinning. If the Google team saw something they hadn't seen before, or it came on in such a huge wave of traffic, it might take a bit to figure out how to knock it down.

showing a monster piece of traffic originating almost entirely from four IP addresses and one web server. The traffic, clearly all the work of some central entity, generated 100 million ad clicks on a single Google network over the course of just ten days.

As to this:

It's a privacy issue that someone can't tell me something contained in information I've already collected?

I don't know. Are we sure they say the reason they don't give out IP numbers is privacy? It's definitely privacy that they don't include them in Analytics. The thing is, first of all, handing you a bunch of IP numbers isn't really going to do much good. These sound like individually compromised computers or networks all over the world, and I know from my own experience that we're talking hundreds and thousands of new IP numbers every day (and mine was a small traffic site out of season, when it was hit) Plus if I was connecting via a hacked network, I'm not sure I'd want Google handing my IP number out to every publisher whose site I've visited, labeled "potentially invalid traffic" There's a lot of things at play here, and some huge infrastructures dedicated to getting a large piece of that pie. I'm not sure Google can win this fight. But if Google can't, I'm not sure who could. Whatever security or anti fraud technology one brain can think of, some other brain will always be able to figure out how to work around. Eventually.

If they were to publicize the infected IPs it would be useless to everyone and damaging to many. Too many reasons not to block individual IPs and/or telecoms/ISP IPs. You cannot prevent botnet traffic that is operating on infected computers.

Thanks for the article netmeg! A clear and informative writeup of what it is and what they're trying to do to deal with it. Good to know it is in their radar.

A very interesting article. Especially in view of what we all encountered just a couple weeks ago (a two-day spike in clicks and revenue for many of us). Can't get much more timely than this.

WDR

This is by far the best insight into this subject I've seen to date with the promise of even more enlightenment to come. Great post netmeg. It does imply that your bot attack may not be my bot attack, even if they're happening at the same time. G could be stifling one wave while 3 more are running undetected. Also tends to explain delays in revenue adjustments (no adjustment today but a big EOM adjustment later for example).

Blocking IP's (such as blocks for well-known server farms) has always seemed a radical approach to bandaging this wound but in certain cases, I've found it absolutely necessary. Keep the IP info Google, just make me a bot-net blocker for my web server and I'll be happy (said somewhat tongue in cheek).

The article most of all underlies that this is not a simple problem. I've believed all along that G is doing what it can to protect 1. Its own reputation and 2. It's advertisers. This has never been some Google conspiracy against publishers. This is not about losses in revenue because what you saw disappear from your Adsense account was never revenue to begin with. It was fraud.

"In the beginning there was fraud...and Google said, let there be Adsense and Adwords anyway."

Shows how vulneable G and Adsense really are. Unfortunately the G approach to rest of the world is slowly but surely increasing the number of organisations / people who harbour a grudge against them. A very dangerous game to play nowadays.

Are you saying the fraud is being perpetrated because people hate Google?

Very nice read, indeed.

And speaking of signals and patterns, IE appears to be the main culprit tool/target of choice for the baddies!

Some at Microsoft must be shaking their heads seeing how their product is being part of testing Google's might for all the wrong reasons. Nevertheless, boy am I glad IE has such a small share of audience on my sites! :D

This is one of the reasons I love Google. Without this level of oversight and fraud investigation, Adsense would be unworkable and unviable. The fact they continue to invest in it gives me hope that Adsense will be around for quite a while yet.

I also hope these thieves from Russia/eastern European (let's face it, that's where most of them are from) all die of some painful form of lower body cancer.

I also hope these thieves from Russia/eastern European (let's face it, that's where most of them are from) all die of some painful form of lower body cancer.

I had my ankles severely caned here once many moons ago for offering the very same opinion.

The article deserves a great big...WOW!

WinLister looks like a keeper.

I'll be using it when on-site at a place I suspect to be crawling with viruses.

Interesting that they call infected machines "Drones". I always thought they were called Zombies or zombie machines.

Thanks Netmeg & thank you Google for keeping it real!